CSP CERT® Article:
CSP CERT® as CNA Announcement

by CSP CERT®
posted September 2018

CSP CERT Vulnerability Research

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity Federal Funded Research and Development Centre (FFRDC), operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.

Cyber Security Philippines CERT® took a major step to reinforce its international recognition by becoming the first recognized CVE Numbering Authority (CNA) in the Philippines. This is due to its role in vulnerability coordination that was not covered by other CNA's. CNAs are organizations from around the world that are authorized to assign CVE entries to vulnerabilities affecting products within their distinct, agreed-upon scope. The CVE entries are submitted under inclusion for first-time public announcements of new vulnerabilities. Please check MITRE CVE Numbering Authority Announcement for CSP-CERT® http://cve.mitre.org/news/archives/2018/news.html.

CSP CERT®’s recently launched Vulnerability Research team under the Red Team Operations is in-charge of the research and discovery of vulnerabilities in different services and products and as well as the verification, CVE ID assignment and coordination of the vulnerabilities discovered and reported to the CSP-CERT® Coordination Center.

For vulnerability coordination, please visit our policy page https://www.cspcert.ph/policy.html for the procedures.